Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          CwS/kjnT8P8gUcYMkrfJMawJo+6d7OfZWXNHhjhKquM=
Subject key identifier:   71:AA:FD:9F:44:6A:B1:9E:E8:D6:C3:05:18:2D:C0:38:26:86:56:E8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       68F742BFBE32743DD2355F1B44D478A446150662
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
Signing time:             Wed 29 Oct 2025 08:45:35 +0000
ROA not before:           Wed 29 Oct 2025 08:40:35 +0000
ROA not after:            Wed 28 Oct 2026 08:45:35 +0000
asID:                     56655
IP address blocks:        143.14.18.0/24 maxlen: 24
                          143.14.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f7:42:bf:be:32:74:3d:d2:35:5f:1b:44:d4:78:a4:46:15:06:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 29 08:40:35 2025 GMT
            Not After : Oct 28 08:45:35 2026 GMT
        Subject: CN=71AAFD9F446AB19EE8D6C305182DC038268656E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a1:a0:41:96:37:c7:5f:57:b3:cd:44:be:bb:
                    f1:98:86:7d:f6:5f:ee:82:9b:7b:9c:e5:8e:88:78:
                    98:de:46:12:75:07:08:6f:14:4e:18:35:b6:f7:a9:
                    2b:63:6d:aa:50:72:0b:23:46:6a:c0:33:90:63:69:
                    be:a8:28:51:9f:e6:db:b0:d3:31:97:b3:ef:e3:3b:
                    33:81:44:25:2b:cc:e6:d5:cc:b8:37:dc:52:42:97:
                    12:7a:85:e5:28:74:fe:91:82:25:2b:c8:ab:cf:73:
                    21:a9:53:1d:52:93:56:1a:10:a4:25:b2:79:15:3a:
                    46:90:b2:6d:93:af:d2:99:ef:61:c9:c2:8e:7c:f5:
                    6b:36:6d:6b:83:f1:9a:16:aa:af:b6:89:34:64:ab:
                    4c:b9:7b:dd:44:7f:62:c3:9e:68:02:cd:6d:35:62:
                    c6:1b:d1:31:17:17:41:10:07:ee:e4:9e:79:24:2c:
                    39:de:13:44:56:a6:7b:de:dd:bf:aa:b6:d9:35:ae:
                    4a:1c:36:45:6d:55:17:fb:4b:0d:84:4f:bd:4f:3f:
                    b7:ba:36:5d:74:42:38:81:4f:d1:48:8c:c6:10:ef:
                    61:f0:0c:89:47:1f:2a:00:2d:a5:11:dd:bb:a2:b2:
                    49:88:3c:27:70:af:c8:7a:72:98:00:6c:64:ac:29:
                    35:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:AA:FD:9F:44:6A:B1:9E:E8:D6:C3:05:18:2D:C0:38:26:86:56:E8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.18.0/24
                  143.14.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:d6:f7:c7:7d:d7:02:19:76:4a:16:a5:50:fa:03:33:a5:d5:
         d7:bd:30:4c:1f:29:52:0d:31:18:41:06:8a:c2:d7:22:ba:b2:
         b2:7d:ba:56:c9:7e:69:37:20:7c:dd:9b:62:8d:8f:5a:3e:a1:
         a4:fc:a0:1d:4d:09:80:d2:5a:f9:6b:81:f7:13:d1:a5:d4:8a:
         cf:80:d9:33:55:3d:d8:ed:78:0c:dc:99:71:e9:03:26:f5:c9:
         9f:67:57:93:83:2a:58:ed:23:8f:59:4b:aa:97:5a:25:7e:40:
         08:f3:d0:bb:eb:12:63:51:fa:f8:31:8d:11:0b:79:1c:15:59:
         48:a4:af:d5:5e:e0:69:81:6a:8b:1f:c9:2f:78:a6:6e:c7:fa:
         b9:b8:08:aa:cf:41:c7:6c:4e:d1:e9:54:3d:59:7d:83:33:d7:
         60:92:83:0f:29:e5:31:24:a0:e7:74:cf:71:ed:c9:e1:a0:a7:
         38:08:38:ac:ae:7f:09:af:de:02:02:26:1d:e6:fb:3a:ce:98:
         5e:a0:0f:a2:4c:df:71:2e:33:9d:99:0b:a2:53:7b:30:4a:d9:
         ed:a6:e8:23:ef:ed:c6:8e:d3:e8:96:17:3a:e9:e0:54:50:88:
         71:39:ad:c7:0d:2d:e4:53:92:e5:89:61:50:9b:ab:b6:7c:37:
         45:f8:ab:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUaPdCv74ydD3SNV8bRNR4pEYVBmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjkwODQwMzVaFw0yNjEwMjgwODQ1MzVaMDMxMTAvBgNV
BAMTKDcxQUFGRDlGNDQ2QUIxOUVFOEQ2QzMwNTE4MkRDMDM4MjY4NjU2RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUoaBBljfHX1ezzUS+u/GYhn32
X+6Cm3uc5Y6IeJjeRhJ1BwhvFE4YNbb3qStjbapQcgsjRmrAM5Bjab6oKFGf5tuw
0zGXs+/jOzOBRCUrzObVzLg33FJClxJ6heUodP6RgiUryKvPcyGpUx1Sk1YaEKQl
snkVOkaQsm2Tr9KZ72HJwo589Ws2bWuD8ZoWqq+2iTRkq0y5e91Ef2LDnmgCzW01
YsYb0TEXF0EQB+7knnkkLDneE0RWpnve3b+qttk1rkocNkVtVRf7Sw2ET71PP7e6
Nl10QjiBT9FIjMYQ72HwDIlHHyoALaUR3buiskmIPCdwr8h6cpgAbGSsKTUFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUcar9n0RqsZ7o1sMFGC3AOCaGVugwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPDhID
BAKPDigwDQYJKoZIhvcNAQELBQADggEBAGrW98d91wIZdkoWpVD6AzOl1de9MEwf
KVINMRhBBorC1yK6srJ9ulbJfmk3IHzdm2KNj1o+oaT8oB1NCYDSWvlrgfcT0aXU
is+A2TNVPdjteAzcmXHpAyb1yZ9nV5ODKljtI49ZS6qXWiV+QAjz0LvrEmNR+vgx
jRELeRwVWUikr9Ve4GmBaosfyS94pm7H+rm4CKrPQcdsTtHpVD1ZfYMz12CSgw8p
5TEkoOd0z3HtyeGgpzgIOKyufwmv3gICJh3m+zrOmF6gD6JM33EuM52ZC6JTezBK
2e2m6CPv7caO0+iWFzrp4FRQiHE5rccNLeRTkuWJYVCbq7Z8N0X4qy4=
-----END CERTIFICATE-----